FBI Cyber Warning: Ignore Your CEO's E-Mail And Phone Her Back -- Or Your Company May Pay For It

Steve Morgan, Contributor. I write about the business of cybersecurity. Opinions expressed by Forbes Contributors are their own.


The FBI is warning people about a business email scheme which has resulted in huge losses to companies in Phoenix and other U.S. cities.

Here's how the scam works:

A CEO seemingly emails an employee -- typically in a finance or administrative role -- instructing them to perform a wire transfer.

The employee follows directions and executes the wire.

Money is successfully transferred from the CEO's company to another party.

So, what's wrong with this picture?

Turns out the CEO didn't send the email. The CEO's email identity was spoofed by a cybercriminal who sent the email. Email spoofing is a widespread hacker practice involving the forgery of an email header.

The employee actually wired money into the hacker's bank account (or that of someone affiliated with the hacker, which is oftentimes a foreign entity).

If you receive an email (and only an email) from your CEO or another high-ranking officer instructing you to perform a wire transfer -- don't do it. Instead, pick up the phone and dial your CEO to verify the request. Otherwise you might have B.E.C. on your face.
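
An added example, not part of the original article: a Python check that a mail gateway or triage script could run on a message claiming to come from the company's own domain, to complement the phone call. The domains, the server name mx.corp.example and the sample message are constructed, and the two signs it looks for (a diverted Reply-To and a DMARC result that is not a pass) are this example's assumptions about what a forged header looks like.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the article): From shows the CEO's real address,
# replies are diverted to a look-alike domain, and the receiving server
# (mx.corp.example) recorded failed sender authentication.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.corp.example; spf=fail smtp.mailfrom=mailer.example.net;
 dkim=none; dmarc=fail header.from=corp.example
From: "Jane Doe (CEO)" <jane.doe@corp.example>
Reply-To: "Jane Doe" <jane.doe@corp-example.test>
To: accounts.payable@corp.example
Subject: Urgent wire transfer

Please wire the funds today.
"""

def domain_of(header_value):
    """Domain of the address in a From/Reply-To style header ('' if absent)."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def dmarc_verdict(msg, trusted_authserv):
    """DMARC result stamped by our own receiving server, or 'missing'. Headers
    naming any other server are ignored, since a sender can add forged ones."""
    for header in msg.get_all("Authentication-Results", []):
        fields = [f.strip() for f in header.split(";")]
        if fields[0].lower().split()[:1] != [trusted_authserv]:
            continue
        for field in fields[1:]:
            method, _, rest = field.partition("=")
            if method.strip().lower() == "dmarc" and rest.split():
                return rest.split()[0].lower()
    return "missing"

def spoof_indicators(raw, company_domain, trusted_authserv):
    """Return the reasons this message should not be trusted as internal mail."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")
    if from_dom == company_domain:  # DMARC is the check tied to the visible From
        verdict = dmarc_verdict(msg, trusted_authserv)
        if verdict != "pass":
            findings.append(f"dmarc={verdict} for mail claiming {company_domain}")
    return findings

if __name__ == "__main__":
    print(spoof_indicators(SAMPLE, "corp.example", "mx.corp.example"))
```

A message that passes both checks can still be fraudulent (for example, one sent from a compromised mailbox), so the phone verification above still applies.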

Visit SteveOnCyber.com to read all of my blogs and articles covering cybersecurity.